On Mon, Jan 24, 2011 at 10:03:30PM +0200, Oliver McFadden wrote:
> Button events may be sent with no valuators (e.g. to simply indicate
> ButtonPress or ButtonRelease without any coordinates); when this happens
> the server would read uninitialized memory.
>
> ==9999== Conditional jump or move depends on uninitialised value(s)
> ==9999== at 0x48E87E8: pixman_f_transform_point (in
> /usr/lib/libpixman-1.so.0.18.2)
> ==9999== Uninitialised value was created by a stack allocation
> ==9999== at 0x37524: GetPointerEvents (getevents.c:1074)
> ==9999==
> ==9999== Conditional jump or move depends on uninitialised value(s)
> ==9999== at 0x496D074: lround (s_lround.c:40)
> ==9999== by 0x3773B: GetPointerEvents (getevents.c:1048)
> ==9999== by 0x683BB: xf86PostButtonEventP (xf86Xinput.c:1162)
> ==9999== by 0x6853B: xf86PostButtonEvent (xf86Xinput.c:1126)
> ==9999== by 0x5779037: process_state (multitouch.c:321)
> (xf86-input-mtev)
> ==9999== by 0x577908F: read_input (multitouch.c:331))
> (xf86-input-mtev)
> ==9999== by 0x66B4F: xf86SigioReadInput (xf86Events.c:298)
> ==9999== by 0x112697: xf86SIGIO (sigio.c:118)
> ==9999== by 0x4A12B2F: ??? (sigrestorer.S:51)
> ==9999== Uninitialised value was created by a stack allocation
> ==9999== at 0x37524: GetPointerEvents (getevents.c:1074)
>
> Signed-off-by: Oliver McFadden <[email protected]>
Reviewed-by: Peter Hutterer <[email protected]> Jeremy, feel free to pick this up Cheers, Peter > --- > I'm not sure anyone actually cares about this patch anymore, since this code > has > changed completely due to the valuator rework. If someone wants to apply it to > the 1.9.2(.xxx) branches, then please be my guest. > > dix/getevents.c | 18 ++++++++++-------- > 1 files changed, 10 insertions(+), 8 deletions(-) > > diff --git a/dix/getevents.c b/dix/getevents.c > index e5134d3..f1e5514 100644 > --- a/dix/getevents.c > +++ b/dix/getevents.c > @@ -1034,19 +1034,21 @@ FreeEventList(EventListPtr list, int num_events) > } > > static void > -transformAbsolute(DeviceIntPtr dev, int v[MAX_VALUATORS]) > +transformAbsolute(DeviceIntPtr dev, int first, int num, int *valuators) > { > - struct pixman_f_vector p; > + struct pixman_f_vector p = { .v = {0.0, 0.0, 1.0} }; > > /* p' = M * p in homogeneous coordinates */ > - p.v[0] = v[0]; > - p.v[1] = v[1]; > - p.v[2] = 1.0; > + if (num >= 1 && first == 0) > + p.v[0] = *(valuators + 0); > + > + if (first <= 1 && num >= (2 - first)) > + p.v[1] = *(valuators + 1 - first); > > pixman_f_transform_point(&dev->transform, &p); > > - v[0] = lround(p.v[0]); > - v[1] = lround(p.v[1]); > + valuators[0] = lround(p.v[0]); > + valuators[1] = lround(p.v[1]); > } > > /** > @@ -1124,7 +1126,7 @@ GetPointerEvents(EventList *events, DeviceIntPtr pDev, > int type, int buttons, > scr->height); > } > > - transformAbsolute(pDev, valuators); > + transformAbsolute(pDev, first_valuator, num_valuators, valuators); > moveAbsolute(pDev, &x, &y, first_valuator, num_valuators, valuators); > } else { > if (flags & POINTER_ACCELERATE) { > -- > 1.7.1.245.g7c42e > _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
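Review bot: in transformAbsolute() the write-back at the end of the first hunk is still unconditional and uses fixed indices, while the reads above it are guarded by first and num and are indexed relative to first. With first == 1 the y coordinate is read from valuators[0] (`*(valuators + 1 - first)`), but `valuators[0] = lround(p.v[0]);` then overwrites that slot with the transformed x and `valuators[1] = lround(p.v[1]);` stores to an entry beyond the num the caller declared; with num == 0 both stores go to entries the caller never provided. Guard each store with the same condition as its read and use the same offset, for example writing y back through `valuators[1 - first]`. Separately, an axis that is absent from the event is passed to pixman_f_transform_point() as 0.0, so for any matrix that mixes x and y the transformed value of the axis that is present depends on that placeholder; that choice deserves a comment, as does the fact that valuators is now indexed relative to first.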
